🛡️ Prepare for Kuwait's NBCC framework with practical guidance and AI-driven compliance. Register now
MarketplaceCybersecurity
CybersecurityGuidelineIn 6clicks App

Baseline Cyber Security Controls for Small and Medium Organizations

The Baseline Cyber Security Controls for Small and Medium Organizations provides guidance from the Canadian Centre for Cyber Security to improve the resilience of smaller organizations through focused cybersecurity measures. It applies the 80/20 rule, aiming to achieve significant cybersecurity benefits with minimal effort.

Talk to a GRC ExpertRead source ↗Download document ↗
This guidance document offers a set of recommended cybersecurity practices tailored for small and medium organizations in Canada, defined as having fewer than 500 employees. It addresses common cybersecurity threats, such as cybercrime, and presents an actionable list of controls aimed at mitigating these risks, including incident response planning, automatic patching, secure configurations, and employee awareness training. The document emphasizes cost-effective measures and acknowledges the practical limitations faced by smaller entities. It also provides insights into organizational controls, baseline controls, and threat levels specific to this sector. This publication is part of Canada's broader effort to improve national cybersecurity resilience.
#cybersecurity#small businesses#baseline controls#incident response#patch management

Related in Cybersecurity

CybersecurityStandardIn 6clicks App

OWASP ASVS — OWASP Application Security Verification Standard

The OWASP Application Security Verification Standard (ASVS) is an open standard for testing and verifying the security of web applications. It provides developers with a comprehensive list of requirements for secure development and helps establish confidence in application security.

Issuer
OWASP Foundation
Version
4.0.2
Updated
May 2025
View detailsapplication security · web security
CybersecurityFrameworkIn 6clicks App

CMMC — Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.

Issuer
US Government
Jurisdiction
USA
Version
2.13
View detailsinformation security · cybersecurity
CybersecurityFrameworkIn 6clicks App

SOC2 — SOC2 Trusted Services Criteria

SOC 2 is a framework for managing and reporting on controls at service organizations relevant to security, availability, processing integrity, confidentiality, and privacy. It aims to provide detailed information and assurance to stakeholders about how these controls are implemented to protect user data.

Issuer
American Institute of Certified Public Accountants (AICPA)
Jurisdiction
USA
Updated
Sep 2022
View detailssoc 2 · security